
Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction

Journal of Network and Systems Management

Abstract

The information technology advances that provide new capabilities to network users and providers also provide powerful new tools for network intruders who intend to launch attacks on critical information resources. In this paper we present a novel network attack diagnostic methodology, based on the characterization of the dynamic statistical properties of normal network traffic. Network anomalies and attacks are identified as unacceptable behavior when significant deviations from the expected behavior occur. Specifically, to provide an accurate identification of the normal network traffic behavior, we first develop an anomaly-tolerant nonstationary traffic prediction technique that is capable of removing both single pulse and continuous anomalies. Furthermore, we introduce and design dynamic thresholds, where we define adaptive anomaly violation conditions as a combined function of both magnitude and duration of the traffic deviations. Finally, numerical results are presented that demonstrate the operational effectiveness and efficiency of the proposed approach in the presence of different attacks, such as mail-bombing attacks and UDP flooding attacks.
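The following sketch is an added illustration and is not the paper's algorithm or the authors' code: it shows, for a defender, how an anomaly-tolerant baseline and a violation condition that combines magnitude and duration fit together. It assumes an exponentially weighted moving average as a stand-in predictor; the class name, parameters, values and sample traffic are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class NormalityDetector:
    alpha: float = 0.2    # smoothing factor of the stand-in predictor (assumed)
    k: float = 3.0        # tolerance band = k * mean absolute deviation (assumed)
    budget: float = 5.0   # accumulated excess that raises an alarm (assumed)
    dev: float = 5.0      # initial mean absolute deviation, packets/s (assumed)
    mean: Optional[float] = None
    excess: float = 0.0

    def update(self, x: float) -> bool:
        """Feed one traffic sample; return True when the alarm condition holds."""
        if self.mean is None:          # first sample seeds the baseline
            self.mean = x
            return False
        band = self.k * max(self.dev, 1e-9)
        err = abs(x - self.mean)
        if err <= band:
            # Normal sample: adapt the baseline and clear the violation state.
            self.mean += self.alpha * (x - self.mean)
            self.dev += self.alpha * (err - self.dev)
            self.excess = 0.0
            return False
        # Out-of-band sample: keep it out of the baseline (anomaly tolerance)
        # and accumulate magnitude over consecutive samples (duration).
        self.excess += err / band
        return self.excess >= self.budget


def run(series):
    """Return (indices of samples that raised an alarm, final detector)."""
    det = NormalityDetector()
    return [i for i, x in enumerate(series) if det.update(x)], det


# Constructed packets-per-second samples, not data from the paper.
NORMAL = [100, 102, 98, 101, 99]
SINGLE_PULSE = NORMAL + [120, 100, 101]      # one short spike
SUSTAINED = NORMAL + [120, 121, 119, 120]    # moderate but persistent rise
LARGE_SPIKE = NORMAL + [160]                 # one very large deviation

if __name__ == "__main__":
    for name in ("SINGLE_PULSE", "SUSTAINED", "LARGE_SPIKE"):
        print(name, run(globals()[name])[0])
```

Because out-of-band samples never update the baseline in this sketch, a legitimate permanent change in traffic level keeps alarming until an operator re-seeds the detector.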



Author information

Corresponding author

Correspondence to Symeon Papavassiliou.

About this article

Cite this article

Jiang, J., Papavassiliou, S. Detecting Network Attacks in the Internet via Statistical Network Traffic Normality Prediction. Journal of Network and Systems Management 12, 51–72 (2004). https://doi.org/10.1023/B:JONS.0000015698.32353.61

  • DOI: https://doi.org/10.1023/B:JONS.0000015698.32353.61
